Cyber Criminals Unleash First Offspring of Leaked ZeuS Trojan

Following the leakage of “the most pervasive” banking Trojan’s source code, ZeuS, cyber criminals have now developed the first new generation of web applications using the free resource.

Ice IX Botnet is the first new generation of web applications developed to manage centralized botnets through the HTTP protocol based on leaked ZeuS source code.

Last May, Peter Kruse, a security researcher with CSIS, urged financial institutions to prop up their online security measures as the source code of ZeuS Trojan has been leaked in the underground market.

“After rumors about the supposed merger between SpyEye and ZeuS, and the public release of the source of the latter, it was logical that the range of possibilities opened up even more for new cybercriminals into the ecosystem of crimeware,” said Jorge Mieres, Kaspersky lab expert.

Mieres added that it was only a matter of time for the emergence of new packages based on ZeuS crimeware to be realized. Now, it just did.

The crimeware of this style is designed to steal banking information. Zeus was first discovered in July 2007 when hackers tried to steal information from the United States Department of Transportation. It steals banking information by keystroke logging and capturing web form data within various browsers.

“So, it is very clear that we must focus attention on these threats and take into account that this ‘modified version of ZeuS’ has been in-the-wild since the beginning of year,” said Mieres.

The latest version of Ice IX Botnet is 1.0.5, and it is selling for a very competitive $1800 in the underground markets.

“It is clear that from now on, more new crimeware will be based on ZeuS code. New developers, hoping to profit from cybercrime, will attempt to create their own new alternatives based on this source,” Mieres warned.

Kaspersky Lab continues to investigate the impact not only of the threats from ZeuS Trojan but also of new emerging crimeware.